Over the last two years Australia Post has not undertaken detailed security risk assessments for two of its critical systems — its corporate data warehouse and eParcel applications — according to the Australian National Audit Office (ANAO).
A report by the ANAO says that Australia Post’s approach to security falls short in a number of areas Australia Post has a “fit for purpose” cyber security risk management framework; however, an ANAO audit revealed that the organisation has failed to implement many of the security controls it specifies.
“Australia Post’s cyber security framework and controls have been the focus of internal reviews, which highlighted that Australia Post had not fully implemented the security standards in its cyber security risk management framework,” states the report released today by the ANAO.
Australia Post’s “existing controls do not sufficiently mitigate the risks it has identified,” the ANAO found
One weakness identified by the audit was patch management, the ANAO said. Australia Post “remediates patches to desktops and servers, however,…
